image credit: Bernard Oh / Flickr

Microsoft Warns of Email Attacks Executing Code Using an Old Bug

Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882.

The exploit allows attackers to automatically run malicious code without requiring user interaction.

“The CVE-2017-11882 vulnerability was fixed in 2017, but to this day, we still observe the exploit in attacks,” Microsoft Security Intelligence tweeted on Friday. “Notably, we saw increased activity in the past few weeks. We strongly recommend applying security updates.”

Read More on Threat Post